SlideShare a Scribd company logo

How to Drive Value from Operational Risk Data - Part 2

Download as PPTX, PDF
Perficient, Inc.
Perficient, Inc.

As complexities in the financial markets continue to increase, so too does the challenge of understanding and mitigating operational risks that can negatively affect the business. Many firms still struggle with risk identification and how data can be leveraged across the enterprise to prevent operational risk losses and gain operational efficiencies. During this webinar, Perficient’s industry experts discussed the evolving role and challenges of operational risk management (ORM) in financial services, tips for a comprehensive approach to identify, assess and mitigate risks, and strategies to gain value from operational risk data to support the business.

1 of 31
HOW TO DRIVE VALUE FROM OPERATIONAL RISK DATA JANUARY 29, 2015
2 ABOUT PERFICIENT Perficient is a leading information technology consulting firm serving clients throughout North America. We help clients implement business-driven technology solutions that integrate business processes, improve worker productivity, increase customer loyalty and create a more agile enterprise to better respond to new business opportunities.
3 GlobalDeliveryCenters/OffshoreDelivery Deep Financial Services Domain Expertise Enterprise Information Solutions Finance Enterprise Insights Portal Web Content Social Solutions SOA Cloud API Solutions Company Wide Practices Deep Financial Services Domain Expertise BANKING Wholesale Consumer Credit Unions Payment Processing Trust & Custody Trade Services Treasury Services ASSET & WEALTH MANAGEMENT Equities & Fixed Income SMA & Wrap Hedge Funds OMS & EMS Portfolio Modeling Portfolio Accounting CAPITAL MARKETS Equities & Fixed Income FX & Commodities Future & Options Electronic Trading INSURANCE Investments Customer Acquisition Property & Casualty Life Annuities Services Claims Evaluation Underwriting Consumer Direct Business/ Technology Solution Rationalization and Delivery Business Process Improvement Program Value, Quality and Cost Management Client Centricity Risk and Regulatory Compliance Finance Transformation Solutions & Services INDUSTRY DRIVEN SOLUTIONS
4 ABOUT THE SPEAKER Richard Brownstein, Director of Risk and Compliance, Perficient Rich leads Risk and Compliance in Perficient’s Financial Services national practice. He has more than 20 years of experience working for and with large financial institutions in the areas of operational risk management, legal and compliance, IT governance, and project portfolio management. He has a deep understanding of industry challenges and best practices. Rich has a proven track record leading strategic business, product and technology initiatives to minimize risk and maximize effectiveness and efficiency for organizations.
5 WHAT WE WANT TO TALK ABOUT TODAY • Introduction • Drivers and Goals of Operational Risk • Risk Identification • How to Capture, Collate and Aggregate Data • Leveraging Risk Intelligence
6 POV: DEFINING OPERATIONAL RISK Basel Committee on Banking Supervision • Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events – and is embedded in every FI products, activities, processes, and systems Executive Level • Enables management transparency to identify the exceptional blind spots and set strategy within risk parameters Department Level • At the 2nd line of defense, operational risk serves as an independent voice in proactive process and control improvement • Although often viewed as another assurance requirement, periodic audit and incident tracker
7 ORGANIZATIONAL BENEFITS HIGH FUNCTIONING OP RISK • Drives management awareness of the business environment, controls and areas requiring improvement – weak controls unattended may result in losses, fines, legal fees and regulatory actions • Results in stronger manual or automated controls allowing management to increase investment and volume expectations due to stabile operational capacity • Leads to lower costs, stronger credit rating and lower cost of capital; lower Basel Operational Risk charges drives profits • Stronger risk measurement and management may reduce frequency and impact of negative news and reputational impacts
8 MANAGERIAL BENEFITS HIGH FUNCTIONING OP RISK • Obtain timely, accurate and complete information and also up-to-date information in time of crisis • Focus on matters of most importance to the organization and strategically allocate or re-allocate resources • Monitor the risks associated with the strategic goals of the organization and to address early, significant signs of deteriorations • Structured information providing focus on key risks • NOT bureaucratic process and paperwork
9 RISK MANAGEMENT DATA FLOW Top Down From senior management perspectives: • Enterprise wide risk assessment • Enterprise wide risks; Top 5-10 Risks / Hot Topics • Risks aligned with enterprise strategic goal. Balance risk, even take risk and reward optimally to steer the company • Board approved Risk Charter Bottom Up From the business perspectives: • Comprehensive assessment and identification of top risk in each business area • Risk identifications is made by the business or functional owner who may have line of sight to the process or influence to control • Risks are specific to a business area - risk owner and process owner may be different. Management Involvement Surface Information
10 RISK MANAGEMENT PROCESSES
11 WHAT IS A RISK ASSESSMENT? RESULTS PROCESSES CHALLENGES Identifies Inherent Risk Gives big picture to senior management Lack of knowledge of firm’s vulnerability by senior management and personnel Tabulates Controls Identifies policies, procedures, processes, key operating procedures Lack of knowledge about control and firm processes Catalogs Residual Risk Identifies areas requiring attention Lack of knowledge of risk associated with each business Manages resources to focus on top control Issues Identifies areas requiring most attention Lack of knowledge of gaps in policies, procedures and processes Allow risk taking within capacity Identifies areas of opportunity and growth Business is not taking full advantage of existing platform, technology and expertise
12 • Each Inherent Risk or regulatory rule is evaluated for each business activity or transaction. • Each regulatory rule has one or more controls, perhaps registered in the control library. Each control is evaluated for its design and operating effectiveness. The resulting score is the Residual Risk. • Assessment, findings, action items logged into GRC tools ASSESSMENT PRINCIPLES
13 RISK ASSESSMENT ARCHITECTURE BUSINESS CHALLENGE:  Senior management and key personnel were not fully aware of the firm’s top risks  Key personnel were not fully trained in the risk assessment process  Key personnel were not fully aware of the risks within their businesses  Key personnel were not fully aware of rules, regulations and best practices impacting their businesses  The data from the firm’s GRC was not managed properly resulting in an attempt to managed data through multiple excel spreadsheets SOLUTION AND SERVICES:  Perficient met with risk, compliance and businesses to understand products and services offered, overall process and management of GRC tool.  Perficient created an inventory questionnaire together with senior management to help business heads catalog products and services offered  Perficient created a regulatory matrix control and together with senior management identify the regulations and requirements for each business  Perficient created regulatory and processes questionnaires similar to information used by auditors or examiners  Perficient worked with GRC vendor to facilitate that the GRC tool to support the risk assessment process RESULTS:  Senior management and key personnel became aware of all products and services offered within the firm  Key personnel and management became aware of rules, regulations and the requirements impacting their businesses  Personnel identified controls within their businesses and identified related gaps  Personnel becomes more knowledgeable in the processes used by auditors and examiners  Client is working towards ensuring all data and reports on risk assessment are management through one source data derived from the GRC
14 SOURCES OF OPERATIONAL RISK DATA Bottom Up – Experiences in the department or field Periodic RCSA or Business Operating Reviews • Performed in different ways, as a questionnaire or discussion based, the business owner and support partners (1st LOD) inventory risks, score controls resulting in key control issues • Aggregating KRIs drive organizational priorities Key Risk Indicators • Data driven measures, metrics, exceptional breaches  drives response • Metrics that matter rather than binders of data Incidents and Lessons Learned (internal and external) • Policy mandated loss and near-miss capture allows for frequency X impact analysis • Scenario analysis and read-across to similar processes  +ROI • IT help desk – users log near-misses and manual workarounds Top Down • Strategic plans / budgets inform 1st LOD where to set capacity • Emerging risks – industry, regulatory, political, economic, social, technology
15 LEVERAGING OPRISK DATA Bottom Up • Transparency of Blind Spots; Action Priority - risk identification, quality of controls (design/effectiveness) and residual risk • Budget - Priority projects; allocation of shared service projects • Patterns/Trends – determine correlation drivers (volume, seasonality) • Incidents – Improves scenario & stress analysis • Loss Data – input for Basel models • GRC Data – aggregate findings from risk, compliance, audit, regulators sets roadmap Top Down • Risk Appetite / Risk Tolerance – Capacity to take on more risk • Regulatory Attestations
16 AGGREGATING RISK DATA • Governance refers to the enterprise consolidated, integrated view • Applies to business rules and limits that are not department, LOB or product specific, or in a silo • Promotes visibility, transparency and data reuse for each area of assurance (risk compliance & audit) across the enterprise • Tools enable Business Intelligence (BI) – integrate diverse and disparate data sources  Dashboards • Historical measures lead to risk aggregated lead to Predictive BI Leverage tools and Structured Data to drive +ROI and Risk Intelligence DRIVES RISK INTELLIGENCE
17 UNSTRUCTURED & STRUCTURED DATA Structured Data Enhance  Aggregate  Interpret Score with Risk Analytics Unstructured Data Collect  Interpret  Score
18 ORM OFFICE STRUCTURE Front Office Local Control Officer • Located with and has deep business & function SME • Assess and analyze business and regulatory risks/controls • 2nd LOD – earned seat at the table Middle Office Risk Infrastructure • Sets or executes risk policies & procedures and taxonomy • Interacts with assurance groups (Compliance & Audit) • Prepares/Leads Risk Committee • Reputation as an OpRisk SME Back Office Risk Operations • Expert users in GRC tools adding leverage to risk FO+MO for desk exams and MI reporting. Drives risk transparency and auditability • Potentially training center for Risk or broader organization • Potential near-shore location To build a high-performing risk organization, the target operating model will be best-in- class over time. Each segment and job function must be fit for purpose. • Assess current operating processes and leading practices to improve mandates, policies, procedures, people, process, technology, SLA and metrics • Rather than a homogeneous risk function – each function’s roles and reputation will become focused, specialized and drive expertise
19 ENTERPRISE RISK MANAGEMENT ADOPTION • Engagement from the 1st Line of Defense is a key to success for adoption • Steps to improve engagement vary based on culture. Other success factors are: - Consistent processes and standards - Interaction and monitoring from the ERM Office - Mandate or tone-from-the-top • Key steps in aiding the BU owner’s adoption of an effective risk assessment program: - Developing policies and procedures - Communicating broader delivery expectations and framework - Training executives and staff Identify Key Risks & Gaps Set Policy & Procedure Communicate to LOB Communicate Timeline & Framework Educate LOB “How To” Perform Risk Assessment Drive Interaction through ERM Framework Monitor & Evaluate Results Adjust Process Repeat ERM for New Cycle TuneExecution
20 STRATEGY & CULTURE • Risk tolerance/thresholds - Qualitative/quantitative • Risk appetite for each category - Linked to strategy • Risk culture • Impact of not linking: market cap more often declines due to flawed strategic decision rather than OpRisk • Assurance groups don’t focus on or link strategy
21 GOVERNANCE • Policies • Committees – Risk Charter • Roles and responsibilities • BU risk liaison - Independent and in CRO org • Talent and training • ORM  ERM (correlation of risk categories) • Review and ensure risk tolerance and appetite aligns with enterprise strategies and visions
22 StrategySettingProcess Board / Senior Management Risk Committee Risk Appetite Risk Capacity aEmerging Risks Risk RegisterRegulatory MRA ORM Office – 2nd Line of Defense Risk ID Internal Incidents RCSAs Key Risk Indicators Risk Register ROLE-BASED CONSIDERATIONS aExternal Incidents Top Risk Themes/ Scenarios BU – 1st Line of Defense TopRiskIDRiskAppetiteRiskCapacityNBILimitSettingCapacity Risk RegisterOperating Plan / Budget Strategic Plan 18-24MonthsTimetoExecute3Months
23 RISK CONTROLS ANALYSIS BUSINESS CHALLENGE:  US Super Regional subsidiary of a global bank established a priority to update all operational process, procedure, and internal operational and regulatory control documentation for the consumer banking lines of business.  Regulators required the bank to achieve a strong level of risk management practices for all lines of business. SOLUTION AND SERVICES:  Perficient reviewed existing operational procedures and risk control libraries.  Conducted interviews and work sessions with key business stakeholders across 16 consumer banking business units to analyze, achieve consensus and document all core business processes across the lines of business.  Developed process maps for more than 100 core business process and their associated sub-processes.  Working with risk managers, reviewed contents of risk control libraries, mapped relevant risk controls to core processes, identified control and developed recommendations for updated controls.  Interfaced with enterprise risk assessment to develop end-to-end product risk assessments utilizing process maps and risk controls analysis deliverables. RESULTS:  Implemented a multi-track effort with key business and risk management stakeholders to analyze and document core business processes across the entire Consumer Banking group distribution and lending business units.  Delivered a robust and maintainable business process analysis and mapping document incorporating operational and compliance controls mapped to process activities.  Reviewed existing risk controls library and identified regulatory and operational control gaps for more than 100 core processes and several hundred sub- processes across consumer banking.
24 RISK CLASSIFICATION • Legal and Compliance • Fraud (Internal / External) • Execution, Delivery and Process • Products and Business Practice • Third Party, Vendor, Counterparty • Strategic / Policy • Financial • Service Delivery or Operational • Employment Practice, Workplace Safety • IT, Business Disruption • Privacy / Security • Environmental Factors / External FOR FINANCIAL FIRMS & INSURERS
25 PROTOCOLS & TAXONOMY • Develop comprehensive dictionary of risks • Use same language for similar processes • Use consistent approaches for risks identification, responses and escalations • Apply critical thinking • Ask for data once > Reuse • Use technology (GRC tool) to capture and aggregate risks
26 CONTROLS • Process mapping/Control libraries • Risk identification and recognition • Key risk indicators (KRIs) • Risk assessment • Risk monitoring • Loss data capturing and reporting
27 RISK TREATMENT
28 OPTIMIZING ORM PROCESSES Identification, categorization and prioritization results: • Prioritizes/escalates high-frequency/high-impact operational risk events to management or the Board while alerting BU of mid/low risk events • Take preventative measure to timely correct deficiencies • Recognize trends and emerging risks and take action • Aggregate operational risk losses for reporting • Loss data serves as input for capital planning and the CCAR (Comprehensive Capital Analysis Review) process
29 WHAT ARE REGULATORS LOOKING FOR? Board of Directors directives are effective and are being followed: • Senior management must ensure that adequate policies, processes, procedures including technology are in place to support the enterprise risk appetite of the firm • Senior management needs to ensure businesses are managed by staff with experience and knowledge about their area of responsibility • Senior management must remain flexible to respond to competition and innovation in the industry (affecting their businesses) • Senior management must ensure new business, new markets are fully reviewed and risks and potential risks are identified and controls are put in place prior to commencing business • Senior management must aggregate all major risk and report these risks periodically to the Board of Directors
30 • Bubble-up risks / “metrics that matter” to provide the Board/RiskCo with a jump-off point • Link strategy to risk and risk to strategy  Pressure test strategic plan • Board and delegated RiskCo must drive Risk and Strategy discussion • Structured risk data provides insight to reverse slow decision making and risk aversion • Drive Integrated Assurance not stand-alone risk, compliance, and audit • GRC tool and taxonomy can unify risk appetite across the business • Process mapping codifies decision making framework rather than rely only on individual judgment for BAU activity • Operational risk can manage risk, not prevent risk
31 FOLLOW US ONLINE blogs.perficient.com/financialservices @Perficient_FS

Recommended

99+ Siebel CTMS Best Practices You Should Follow
99+ Siebel CTMS Best Practices You Should Follow99+ Siebel CTMS Best Practices You Should Follow
99+ Siebel CTMS Best Practices You Should Follow
Perficient, Inc.
 
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQTransform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
Perficient, Inc.
 
Population Health Colloquium 2015: Mini Summit IV: Who is Your Champion of Cl...
Population Health Colloquium 2015: Mini Summit IV: Who is Your Champion of Cl...Population Health Colloquium 2015: Mini Summit IV: Who is Your Champion of Cl...
Population Health Colloquium 2015: Mini Summit IV: Who is Your Champion of Cl...
Perficient, Inc.
 
Engage Patients, Reduce Manual Processes and Drive Key Insights with Interope...
Engage Patients, Reduce Manual Processes and Drive Key Insights with Interope...Engage Patients, Reduce Manual Processes and Drive Key Insights with Interope...
Engage Patients, Reduce Manual Processes and Drive Key Insights with Interope...
Perficient, Inc.
 
Healthcare Enterprise Data Model: The Buy vs. Build Debate
Healthcare Enterprise Data Model: The Buy vs. Build DebateHealthcare Enterprise Data Model: The Buy vs. Build Debate
Healthcare Enterprise Data Model: The Buy vs. Build Debate
Perficient, Inc.
 
Building a Better Healthcare Dashboard
Building a Better Healthcare DashboardBuilding a Better Healthcare Dashboard
Building a Better Healthcare Dashboard
Perficient, Inc.
 
Drive Compliance and Profit with Oracle Healthcare Analytics
Drive Compliance and Profit with Oracle Healthcare AnalyticsDrive Compliance and Profit with Oracle Healthcare Analytics
Drive Compliance and Profit with Oracle Healthcare Analytics
Perficient, Inc.
 
Implementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated EnvironmentImplementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated Environment
Perficient, Inc.
 

Recommended

99+ Siebel CTMS Best Practices You Should Follow
99+ Siebel CTMS Best Practices You Should Follow99+ Siebel CTMS Best Practices You Should Follow
99+ Siebel CTMS Best Practices You Should Follow
Perficient, Inc.
 
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQTransform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
Perficient, Inc.
 
Population Health Colloquium 2015: Mini Summit IV: Who is Your Champion of Cl...
Population Health Colloquium 2015: Mini Summit IV: Who is Your Champion of Cl...Population Health Colloquium 2015: Mini Summit IV: Who is Your Champion of Cl...
Population Health Colloquium 2015: Mini Summit IV: Who is Your Champion of Cl...
Perficient, Inc.
 
Engage Patients, Reduce Manual Processes and Drive Key Insights with Interope...
Engage Patients, Reduce Manual Processes and Drive Key Insights with Interope...Engage Patients, Reduce Manual Processes and Drive Key Insights with Interope...
Engage Patients, Reduce Manual Processes and Drive Key Insights with Interope...
Perficient, Inc.
 
Healthcare Enterprise Data Model: The Buy vs. Build Debate
Healthcare Enterprise Data Model: The Buy vs. Build DebateHealthcare Enterprise Data Model: The Buy vs. Build Debate
Healthcare Enterprise Data Model: The Buy vs. Build Debate
Perficient, Inc.
 
Building a Better Healthcare Dashboard
Building a Better Healthcare DashboardBuilding a Better Healthcare Dashboard
Building a Better Healthcare Dashboard
Perficient, Inc.
 
Drive Compliance and Profit with Oracle Healthcare Analytics
Drive Compliance and Profit with Oracle Healthcare AnalyticsDrive Compliance and Profit with Oracle Healthcare Analytics
Drive Compliance and Profit with Oracle Healthcare Analytics
Perficient, Inc.
 
Implementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated EnvironmentImplementing Digital Signatures in an FDA-Regulated Environment
Implementing Digital Signatures in an FDA-Regulated Environment
Perficient, Inc.
 
The Top 5 CTMS Enhancements You Can Make
The Top 5 CTMS Enhancements You Can MakeThe Top 5 CTMS Enhancements You Can Make
The Top 5 CTMS Enhancements You Can Make
Perficient, Inc.
 
HIPAA Compliance and its Relationship to Pharmacovigilance
HIPAA Compliance and its Relationship to PharmacovigilanceHIPAA Compliance and its Relationship to Pharmacovigilance
HIPAA Compliance and its Relationship to Pharmacovigilance
Perficient, Inc.
 
Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...
Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...
Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...
Perficient, Inc.
 
Enterprise Capacity Optimization - Capacity Management Over Everything
Enterprise Capacity Optimization - Capacity Management Over EverythingEnterprise Capacity Optimization - Capacity Management Over Everything
Enterprise Capacity Optimization - Capacity Management Over Everything
TeamQuest Corporation
 
How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...
How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...
How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...
Perficient, Inc.
 
ACO = HIE + Analytics - a Healthcare IT Presentation
ACO = HIE + Analytics - a Healthcare IT PresentationACO = HIE + Analytics - a Healthcare IT Presentation
ACO = HIE + Analytics - a Healthcare IT Presentation
Perficient, Inc.
 
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Perficient, Inc.
 
IBM Enterprise Contract Management ROI
IBM Enterprise Contract Management ROI IBM Enterprise Contract Management ROI
IBM Enterprise Contract Management ROI
Perficient, Inc.
 
How to Structure the Data Organization
How to Structure the Data OrganizationHow to Structure the Data Organization
How to Structure the Data Organization
Robyn Bollhorst
 
Establishing enterprise wide data governance - CDAO 2019 Auckland
Establishing enterprise wide data governance - CDAO 2019 AucklandEstablishing enterprise wide data governance - CDAO 2019 Auckland
Establishing enterprise wide data governance - CDAO 2019 Auckland
Ali Khan
 
KSA Business Intelligence Qualifications
KSA Business Intelligence QualificationsKSA Business Intelligence Qualifications
KSA Business Intelligence Qualifications
JDOLIV
 
Unlocking Success in the 3 Stages of Master Data Management
Unlocking Success in the 3 Stages of Master Data ManagementUnlocking Success in the 3 Stages of Master Data Management
Unlocking Success in the 3 Stages of Master Data Management
Perficient, Inc.
 
Operational Risk Management Data Validation Architecture
Operational Risk Management Data Validation ArchitectureOperational Risk Management Data Validation Architecture
Operational Risk Management Data Validation Architecture
Alan McSweeney
 
EOK Technologies - Healthcare IT services
EOK Technologies - Healthcare IT servicesEOK Technologies - Healthcare IT services
EOK Technologies - Healthcare IT services
EOKTechnologies
 
Practical Cloud - Stephen Betts (Avanade)
Practical Cloud - Stephen Betts (Avanade)Practical Cloud - Stephen Betts (Avanade)
Practical Cloud - Stephen Betts (Avanade)
Spiffy
 
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital InnovationRed Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Vadim Zendejas
 
Teradata Professional Services Overview
Teradata Professional Services OverviewTeradata Professional Services Overview
Teradata Professional Services Overview
Teradata
 
Enterprise Architecture
Enterprise Architecture Enterprise Architecture
Enterprise Architecture
Axis Technology, LLC
 
IBM Software Capabilities
IBM Software CapabilitiesIBM Software Capabilities
IBM Software Capabilities
None
 
Akili Oil & Gas Data Practice - PPDM
Akili Oil & Gas Data Practice - PPDMAkili Oil & Gas Data Practice - PPDM
Akili Oil & Gas Data Practice - PPDM
rnaramore
 
Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
Evan Francen
 
Risk Dashboard
Risk Dashboard Risk Dashboard
Risk Dashboard
Michel Rochette
 

More Related Content

What's hot

The Top 5 CTMS Enhancements You Can Make
The Top 5 CTMS Enhancements You Can MakeThe Top 5 CTMS Enhancements You Can Make
The Top 5 CTMS Enhancements You Can Make
Perficient, Inc.
 
HIPAA Compliance and its Relationship to Pharmacovigilance
HIPAA Compliance and its Relationship to PharmacovigilanceHIPAA Compliance and its Relationship to Pharmacovigilance
HIPAA Compliance and its Relationship to Pharmacovigilance
Perficient, Inc.
 
Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...
Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...
Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...
Perficient, Inc.
 
Enterprise Capacity Optimization - Capacity Management Over Everything
Enterprise Capacity Optimization - Capacity Management Over EverythingEnterprise Capacity Optimization - Capacity Management Over Everything
Enterprise Capacity Optimization - Capacity Management Over Everything
TeamQuest Corporation
 
How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...
How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...
How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...
Perficient, Inc.
 
ACO = HIE + Analytics - a Healthcare IT Presentation
ACO = HIE + Analytics - a Healthcare IT PresentationACO = HIE + Analytics - a Healthcare IT Presentation
ACO = HIE + Analytics - a Healthcare IT Presentation
Perficient, Inc.
 
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Perficient, Inc.
 
IBM Enterprise Contract Management ROI
IBM Enterprise Contract Management ROI IBM Enterprise Contract Management ROI
IBM Enterprise Contract Management ROI
Perficient, Inc.
 
How to Structure the Data Organization
How to Structure the Data OrganizationHow to Structure the Data Organization
How to Structure the Data Organization
Robyn Bollhorst
 
Establishing enterprise wide data governance - CDAO 2019 Auckland
Establishing enterprise wide data governance - CDAO 2019 AucklandEstablishing enterprise wide data governance - CDAO 2019 Auckland
Establishing enterprise wide data governance - CDAO 2019 Auckland
Ali Khan
 
KSA Business Intelligence Qualifications
KSA Business Intelligence QualificationsKSA Business Intelligence Qualifications
KSA Business Intelligence Qualifications
JDOLIV
 
Unlocking Success in the 3 Stages of Master Data Management
Unlocking Success in the 3 Stages of Master Data ManagementUnlocking Success in the 3 Stages of Master Data Management
Unlocking Success in the 3 Stages of Master Data Management
Perficient, Inc.
 
Operational Risk Management Data Validation Architecture
Operational Risk Management Data Validation ArchitectureOperational Risk Management Data Validation Architecture
Operational Risk Management Data Validation Architecture
Alan McSweeney
 
EOK Technologies - Healthcare IT services
EOK Technologies - Healthcare IT servicesEOK Technologies - Healthcare IT services
EOK Technologies - Healthcare IT services
EOKTechnologies
 
Practical Cloud - Stephen Betts (Avanade)
Practical Cloud - Stephen Betts (Avanade)Practical Cloud - Stephen Betts (Avanade)
Practical Cloud - Stephen Betts (Avanade)
Spiffy
 
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital InnovationRed Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Vadim Zendejas
 
Teradata Professional Services Overview
Teradata Professional Services OverviewTeradata Professional Services Overview
Teradata Professional Services Overview
Teradata
 
Enterprise Architecture
Enterprise Architecture Enterprise Architecture
Enterprise Architecture
Axis Technology, LLC
 
IBM Software Capabilities
IBM Software CapabilitiesIBM Software Capabilities
IBM Software Capabilities
None
 
Akili Oil & Gas Data Practice - PPDM
Akili Oil & Gas Data Practice - PPDMAkili Oil & Gas Data Practice - PPDM
Akili Oil & Gas Data Practice - PPDM
rnaramore
 

What's hot (20)

The Top 5 CTMS Enhancements You Can Make
The Top 5 CTMS Enhancements You Can MakeThe Top 5 CTMS Enhancements You Can Make
The Top 5 CTMS Enhancements You Can Make
 
HIPAA Compliance and its Relationship to Pharmacovigilance
HIPAA Compliance and its Relationship to PharmacovigilanceHIPAA Compliance and its Relationship to Pharmacovigilance
HIPAA Compliance and its Relationship to Pharmacovigilance
 
Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...
Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...
Using JReview to Analyze Clinical and Pharmacovigilance Data in Disparate Sys...
 
Enterprise Capacity Optimization - Capacity Management Over Everything
Enterprise Capacity Optimization - Capacity Management Over EverythingEnterprise Capacity Optimization - Capacity Management Over Everything
Enterprise Capacity Optimization - Capacity Management Over Everything
 
How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...
How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...
How to Load Data More Quickly and Accurately into Oracle's Life Sciences Data...
 
ACO = HIE + Analytics - a Healthcare IT Presentation
ACO = HIE + Analytics - a Healthcare IT PresentationACO = HIE + Analytics - a Healthcare IT Presentation
ACO = HIE + Analytics - a Healthcare IT Presentation
 
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud SolutionsFortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
Fortify Your Enterprise with IBM Smarter Counter-Fraud Solutions
 
IBM Enterprise Contract Management ROI
IBM Enterprise Contract Management ROI IBM Enterprise Contract Management ROI
IBM Enterprise Contract Management ROI
 
How to Structure the Data Organization
How to Structure the Data OrganizationHow to Structure the Data Organization
How to Structure the Data Organization
 
Establishing enterprise wide data governance - CDAO 2019 Auckland
Establishing enterprise wide data governance - CDAO 2019 AucklandEstablishing enterprise wide data governance - CDAO 2019 Auckland
Establishing enterprise wide data governance - CDAO 2019 Auckland
 
KSA Business Intelligence Qualifications
KSA Business Intelligence QualificationsKSA Business Intelligence Qualifications
KSA Business Intelligence Qualifications
 
Unlocking Success in the 3 Stages of Master Data Management
Unlocking Success in the 3 Stages of Master Data ManagementUnlocking Success in the 3 Stages of Master Data Management
Unlocking Success in the 3 Stages of Master Data Management
 
Operational Risk Management Data Validation Architecture
Operational Risk Management Data Validation ArchitectureOperational Risk Management Data Validation Architecture
Operational Risk Management Data Validation Architecture
 
EOK Technologies - Healthcare IT services
EOK Technologies - Healthcare IT servicesEOK Technologies - Healthcare IT services
EOK Technologies - Healthcare IT services
 
Practical Cloud - Stephen Betts (Avanade)
Practical Cloud - Stephen Betts (Avanade)Practical Cloud - Stephen Betts (Avanade)
Practical Cloud - Stephen Betts (Avanade)
 
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital InnovationRed Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
Red Hat Forum Norway 2017 - Red Hat on Azure Partners in Digital Innovation
 
Teradata Professional Services Overview
Teradata Professional Services OverviewTeradata Professional Services Overview
Teradata Professional Services Overview
 
Enterprise Architecture
Enterprise Architecture Enterprise Architecture
Enterprise Architecture
 
IBM Software Capabilities
IBM Software CapabilitiesIBM Software Capabilities
IBM Software Capabilities
 
Akili Oil & Gas Data Practice - PPDM
Akili Oil & Gas Data Practice - PPDMAkili Oil & Gas Data Practice - PPDM
Akili Oil & Gas Data Practice - PPDM
 

Viewers also liked

Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
Evan Francen
 
Risk Dashboard
Risk Dashboard Risk Dashboard
Risk Dashboard
Michel Rochette
 
Migration Dashboard Template ver. 2
Migration Dashboard Template ver. 2Migration Dashboard Template ver. 2
Migration Dashboard Template ver. 2arvinronald
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approachtschraider
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRC
Transcendent Group
 
Operation Risk Management in Banking Sector
Operation Risk Management in Banking SectorOperation Risk Management in Banking Sector
Operation Risk Management in Banking SectorSanjay Kumbhar
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)Bushra Angbeen
 
Supply Chain Risk Management
Supply Chain Risk ManagementSupply Chain Risk Management
Supply Chain Risk Management
Anand Subramaniam
 

Viewers also liked (8)

Meaningful Use and Security Risk Analysis
Meaningful Use and Security Risk AnalysisMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis
 
Risk Dashboard
Risk Dashboard Risk Dashboard
Risk Dashboard
 
Migration Dashboard Template ver. 2
Migration Dashboard Template ver. 2Migration Dashboard Template ver. 2
Migration Dashboard Template ver. 2
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approach
 
Integrated GRC
Integrated GRCIntegrated GRC
Integrated GRC
 
Operation Risk Management in Banking Sector
Operation Risk Management in Banking SectorOperation Risk Management in Banking Sector
Operation Risk Management in Banking Sector
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)
 
Supply Chain Risk Management
Supply Chain Risk ManagementSupply Chain Risk Management
Supply Chain Risk Management
 

Similar to How to Drive Value from Operational Risk Data - Part 2

Internal Audit Strategic Framework
Internal Audit Strategic FrameworkInternal Audit Strategic Framework
Internal Audit Strategic Framework
Jeremy Cheng
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
Nidhi Gupta
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013Nidhi Gupta
 
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Genpact Ltd
 
Dennis Batdorf resume
Dennis Batdorf resumeDennis Batdorf resume
Dennis Batdorf resume
Dennis Batdorf
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
Tuan Phan
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
Tri Phan
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
NICSA
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear LLC
 
CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard Jim Robins
 
Power your businesswith risk informed decisions
Power your businesswith risk informed decisionsPower your businesswith risk informed decisions
Power your businesswith risk informed decisions
Alireza Ghahrood
 
Government and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsGovernment and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP Systems
Dan Aldridge, ERP Software Evangelist, LION
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slides
Jim Kaplan CIA CFE
 
An IT Governance program
An IT Governance programAn IT Governance program
An IT Governance program
John Goodpasture
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013Nidhi Gupta
 

Similar to How to Drive Value from Operational Risk Data - Part 2 (20)

Internal Audit Strategic Framework
Internal Audit Strategic FrameworkInternal Audit Strategic Framework
Internal Audit Strategic Framework
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
Continuous Transaction Monitoring Detect and analyze anomalous transactions t...
 
Dennis Batdorf resume
Dennis Batdorf resumeDennis Batdorf resume
Dennis Batdorf resume
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
 
Maclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and TrendsMaclear’s IT GRC Tools – Key Issues and Trends
Maclear’s IT GRC Tools – Key Issues and Trends
 
CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard CML Group GRCaaS Dashboard
CML Group GRCaaS Dashboard
 
Power your businesswith risk informed decisions
Power your businesswith risk informed decisionsPower your businesswith risk informed decisions
Power your businesswith risk informed decisions
 
Government and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP SystemsGovernment and SOX Compliance for ERP Systems
Government and SOX Compliance for ERP Systems
 
It62015 slides
It62015 slidesIt62015 slides
It62015 slides
 
An IT Governance program
An IT Governance programAn IT Governance program
An IT Governance program
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 
Bpo risk management 2013
Bpo risk management 2013Bpo risk management 2013
Bpo risk management 2013
 

More from Perficient, Inc.

Driving Strong 2020 Holiday Season Results
Driving Strong 2020 Holiday Season ResultsDriving Strong 2020 Holiday Season Results
Driving Strong 2020 Holiday Season Results
Perficient, Inc.
 
Transforming Pharmacovigilance Workflows with AI & Automation
Transforming Pharmacovigilance Workflows with AI & Automation Transforming Pharmacovigilance Workflows with AI & Automation
Transforming Pharmacovigilance Workflows with AI & Automation
Perficient, Inc.
 
The Secret to Acquiring and Retaining Customers in Financial Services
The Secret to Acquiring and Retaining Customers in Financial ServicesThe Secret to Acquiring and Retaining Customers in Financial Services
The Secret to Acquiring and Retaining Customers in Financial Services
Perficient, Inc.
 
Oracle Strategic Modeling Live: Defined. Discussed. Demonstrated.
Oracle Strategic Modeling Live: Defined. Discussed. Demonstrated.Oracle Strategic Modeling Live: Defined. Discussed. Demonstrated.
Oracle Strategic Modeling Live: Defined. Discussed. Demonstrated.
Perficient, Inc.
 
Content, Commerce, and... COVID
Content, Commerce, and... COVIDContent, Commerce, and... COVID
Content, Commerce, and... COVID
Perficient, Inc.
 
Centene's Financial Transformation Journey: A OneStream Success Story
Centene's Financial Transformation Journey: A OneStream Success StoryCentene's Financial Transformation Journey: A OneStream Success Story
Centene's Financial Transformation Journey: A OneStream Success Story
Perficient, Inc.
 
Automate Medical Coding With WHODrug Koda
Automate Medical Coding With WHODrug KodaAutomate Medical Coding With WHODrug Koda
Automate Medical Coding With WHODrug Koda
Perficient, Inc.
 
Preparing for Your Oracle, Medidata, and Veeva CTMS Migration Project
Preparing for Your Oracle, Medidata, and Veeva CTMS Migration ProjectPreparing for Your Oracle, Medidata, and Veeva CTMS Migration Project
Preparing for Your Oracle, Medidata, and Veeva CTMS Migration Project
Perficient, Inc.
 
Accelerating Partner Management: How Manufacturers Can Navigate Covid-19
Accelerating Partner Management: How Manufacturers Can Navigate Covid-19Accelerating Partner Management: How Manufacturers Can Navigate Covid-19
Accelerating Partner Management: How Manufacturers Can Navigate Covid-19
Perficient, Inc.
 
The Critical Role of Audience Intelligence with Eric Enge and Rand Fishkin
The Critical Role of Audience Intelligence with Eric Enge and Rand FishkinThe Critical Role of Audience Intelligence with Eric Enge and Rand Fishkin
The Critical Role of Audience Intelligence with Eric Enge and Rand Fishkin
Perficient, Inc.
 
Cardtronics Future Ready with Oracle EPM Cloud
Cardtronics Future Ready with Oracle EPM CloudCardtronics Future Ready with Oracle EPM Cloud
Cardtronics Future Ready with Oracle EPM Cloud
Perficient, Inc.
 
Teams Summit - What is New and Coming
Teams Summit - What is New and ComingTeams Summit - What is New and Coming
Teams Summit - What is New and Coming
Perficient, Inc.
 
Empower Your Organization with Teams & Remote Work Crisis Management
Empower Your Organization with Teams & Remote Work Crisis ManagementEmpower Your Organization with Teams & Remote Work Crisis Management
Empower Your Organization with Teams & Remote Work Crisis Management
Perficient, Inc.
 
Adoption & Change Management Overview
Adoption & Change Management OverviewAdoption & Change Management Overview
Adoption & Change Management Overview
Perficient, Inc.
 
Microsoft Teams: Measuring Activity of Employees Working from Home
Microsoft Teams: Measuring Activity of Employees Working from HomeMicrosoft Teams: Measuring Activity of Employees Working from Home
Microsoft Teams: Measuring Activity of Employees Working from Home
Perficient, Inc.
 
Securing Teams with Microsoft 365 Security for Remote Work
Securing Teams with Microsoft 365 Security for Remote WorkSecuring Teams with Microsoft 365 Security for Remote Work
Securing Teams with Microsoft 365 Security for Remote Work
Perficient, Inc.
 
Infrastructure Best Practices for Teams Remote Workers
Infrastructure Best Practices for Teams Remote WorkersInfrastructure Best Practices for Teams Remote Workers
Infrastructure Best Practices for Teams Remote Workers
Perficient, Inc.
 
Accelerate Adoption for Microsoft Teams
Accelerate Adoption for Microsoft TeamsAccelerate Adoption for Microsoft Teams
Accelerate Adoption for Microsoft Teams
Perficient, Inc.
 
Preparing for Project Cortex and the Future of Knowledge Management
Preparing for Project Cortex and the Future of Knowledge ManagementPreparing for Project Cortex and the Future of Knowledge Management
Preparing for Project Cortex and the Future of Knowledge Management
Perficient, Inc.
 
Utilizing Microsoft 365 Security for Remote Work
Utilizing Microsoft 365 Security for Remote Work Utilizing Microsoft 365 Security for Remote Work
Utilizing Microsoft 365 Security for Remote Work
Perficient, Inc.
 

More from Perficient, Inc. (20)

Driving Strong 2020 Holiday Season Results
Driving Strong 2020 Holiday Season ResultsDriving Strong 2020 Holiday Season Results
Driving Strong 2020 Holiday Season Results
 
Transforming Pharmacovigilance Workflows with AI & Automation
Transforming Pharmacovigilance Workflows with AI & Automation Transforming Pharmacovigilance Workflows with AI & Automation
Transforming Pharmacovigilance Workflows with AI & Automation
 
The Secret to Acquiring and Retaining Customers in Financial Services
The Secret to Acquiring and Retaining Customers in Financial ServicesThe Secret to Acquiring and Retaining Customers in Financial Services
The Secret to Acquiring and Retaining Customers in Financial Services
 
Oracle Strategic Modeling Live: Defined. Discussed. Demonstrated.
Oracle Strategic Modeling Live: Defined. Discussed. Demonstrated.Oracle Strategic Modeling Live: Defined. Discussed. Demonstrated.
Oracle Strategic Modeling Live: Defined. Discussed. Demonstrated.
 
Content, Commerce, and... COVID
Content, Commerce, and... COVIDContent, Commerce, and... COVID
Content, Commerce, and... COVID
 
Centene's Financial Transformation Journey: A OneStream Success Story
Centene's Financial Transformation Journey: A OneStream Success StoryCentene's Financial Transformation Journey: A OneStream Success Story
Centene's Financial Transformation Journey: A OneStream Success Story
 
Automate Medical Coding With WHODrug Koda
Automate Medical Coding With WHODrug KodaAutomate Medical Coding With WHODrug Koda
Automate Medical Coding With WHODrug Koda
 
Preparing for Your Oracle, Medidata, and Veeva CTMS Migration Project
Preparing for Your Oracle, Medidata, and Veeva CTMS Migration ProjectPreparing for Your Oracle, Medidata, and Veeva CTMS Migration Project
Preparing for Your Oracle, Medidata, and Veeva CTMS Migration Project
 
Accelerating Partner Management: How Manufacturers Can Navigate Covid-19
Accelerating Partner Management: How Manufacturers Can Navigate Covid-19Accelerating Partner Management: How Manufacturers Can Navigate Covid-19
Accelerating Partner Management: How Manufacturers Can Navigate Covid-19
 
The Critical Role of Audience Intelligence with Eric Enge and Rand Fishkin
The Critical Role of Audience Intelligence with Eric Enge and Rand FishkinThe Critical Role of Audience Intelligence with Eric Enge and Rand Fishkin
The Critical Role of Audience Intelligence with Eric Enge and Rand Fishkin
 
Cardtronics Future Ready with Oracle EPM Cloud
Cardtronics Future Ready with Oracle EPM CloudCardtronics Future Ready with Oracle EPM Cloud
Cardtronics Future Ready with Oracle EPM Cloud
 
Teams Summit - What is New and Coming
Teams Summit - What is New and ComingTeams Summit - What is New and Coming
Teams Summit - What is New and Coming
 
Empower Your Organization with Teams & Remote Work Crisis Management
Empower Your Organization with Teams & Remote Work Crisis ManagementEmpower Your Organization with Teams & Remote Work Crisis Management
Empower Your Organization with Teams & Remote Work Crisis Management
 
Adoption & Change Management Overview
Adoption & Change Management OverviewAdoption & Change Management Overview
Adoption & Change Management Overview
 
Microsoft Teams: Measuring Activity of Employees Working from Home
Microsoft Teams: Measuring Activity of Employees Working from HomeMicrosoft Teams: Measuring Activity of Employees Working from Home
Microsoft Teams: Measuring Activity of Employees Working from Home
 
Securing Teams with Microsoft 365 Security for Remote Work
Securing Teams with Microsoft 365 Security for Remote WorkSecuring Teams with Microsoft 365 Security for Remote Work
Securing Teams with Microsoft 365 Security for Remote Work
 
Infrastructure Best Practices for Teams Remote Workers
Infrastructure Best Practices for Teams Remote WorkersInfrastructure Best Practices for Teams Remote Workers
Infrastructure Best Practices for Teams Remote Workers
 
Accelerate Adoption for Microsoft Teams
Accelerate Adoption for Microsoft TeamsAccelerate Adoption for Microsoft Teams
Accelerate Adoption for Microsoft Teams
 
Preparing for Project Cortex and the Future of Knowledge Management
Preparing for Project Cortex and the Future of Knowledge ManagementPreparing for Project Cortex and the Future of Knowledge Management
Preparing for Project Cortex and the Future of Knowledge Management
 
Utilizing Microsoft 365 Security for Remote Work
Utilizing Microsoft 365 Security for Remote Work Utilizing Microsoft 365 Security for Remote Work
Utilizing Microsoft 365 Security for Remote Work
 

Recently uploaded

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 

Recently uploaded (20)

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 

How to Drive Value from Operational Risk Data - Part 2

  • 1. HOW TO DRIVE VALUE FROM OPERATIONAL RISK DATA JANUARY 29, 2015
  • 2. 2 ABOUT PERFICIENT Perficient is a leading information technology consulting firm serving clients throughout North America. We help clients implement business-driven technology solutions that integrate business processes, improve worker productivity, increase customer loyalty and create a more agile enterprise to better respond to new business opportunities.
  • 3. 3 GlobalDeliveryCenters/OffshoreDelivery Deep Financial Services Domain Expertise Enterprise Information Solutions Finance Enterprise Insights Portal Web Content Social Solutions SOA Cloud API Solutions Company Wide Practices Deep Financial Services Domain Expertise BANKING Wholesale Consumer Credit Unions Payment Processing Trust & Custody Trade Services Treasury Services ASSET & WEALTH MANAGEMENT Equities & Fixed Income SMA & Wrap Hedge Funds OMS & EMS Portfolio Modeling Portfolio Accounting CAPITAL MARKETS Equities & Fixed Income FX & Commodities Future & Options Electronic Trading INSURANCE Investments Customer Acquisition Property & Casualty Life Annuities Services Claims Evaluation Underwriting Consumer Direct Business/ Technology Solution Rationalization and Delivery Business Process Improvement Program Value, Quality and Cost Management Client Centricity Risk and Regulatory Compliance Finance Transformation Solutions & Services INDUSTRY DRIVEN SOLUTIONS
  • 4. 4 ABOUT THE SPEAKER Richard Brownstein, Director of Risk and Compliance, Perficient Rich leads Risk and Compliance in Perficient’s Financial Services national practice. He has more than 20 years of experience working for and with large financial institutions in the areas of operational risk management, legal and compliance, IT governance, and project portfolio management. He has a deep understanding of industry challenges and best practices. Rich has a proven track record leading strategic business, product and technology initiatives to minimize risk and maximize effectiveness and efficiency for organizations.
  • 5. 5 WHAT WE WANT TO TALK ABOUT TODAY • Introduction • Drivers and Goals of Operational Risk • Risk Identification • How to Capture, Collate and Aggregate Data • Leveraging Risk Intelligence
  • 6. 6 POV: DEFINING OPERATIONAL RISK Basel Committee on Banking Supervision • Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events – and is embedded in every FI products, activities, processes, and systems Executive Level • Enables management transparency to identify the exceptional blind spots and set strategy within risk parameters Department Level • At the 2nd line of defense, operational risk serves as an independent voice in proactive process and control improvement • Although often viewed as another assurance requirement, periodic audit and incident tracker
  • 7. 7 ORGANIZATIONAL BENEFITS HIGH FUNCTIONING OP RISK • Drives management awareness of the business environment, controls and areas requiring improvement – weak controls unattended may result in losses, fines, legal fees and regulatory actions • Results in stronger manual or automated controls allowing management to increase investment and volume expectations due to stabile operational capacity • Leads to lower costs, stronger credit rating and lower cost of capital; lower Basel Operational Risk charges drives profits • Stronger risk measurement and management may reduce frequency and impact of negative news and reputational impacts
  • 8. 8 MANAGERIAL BENEFITS HIGH FUNCTIONING OP RISK • Obtain timely, accurate and complete information and also up-to-date information in time of crisis • Focus on matters of most importance to the organization and strategically allocate or re-allocate resources • Monitor the risks associated with the strategic goals of the organization and to address early, significant signs of deteriorations • Structured information providing focus on key risks • NOT bureaucratic process and paperwork
  • 9. 9 RISK MANAGEMENT DATA FLOW Top Down From senior management perspectives: • Enterprise wide risk assessment • Enterprise wide risks; Top 5-10 Risks / Hot Topics • Risks aligned with enterprise strategic goal. Balance risk, even take risk and reward optimally to steer the company • Board approved Risk Charter Bottom Up From the business perspectives: • Comprehensive assessment and identification of top risk in each business area • Risk identifications is made by the business or functional owner who may have line of sight to the process or influence to control • Risks are specific to a business area - risk owner and process owner may be different. Management Involvement Surface Information
  • 11. 11 WHAT IS A RISK ASSESSMENT? RESULTS PROCESSES CHALLENGES Identifies Inherent Risk Gives big picture to senior management Lack of knowledge of firm’s vulnerability by senior management and personnel Tabulates Controls Identifies policies, procedures, processes, key operating procedures Lack of knowledge about control and firm processes Catalogs Residual Risk Identifies areas requiring attention Lack of knowledge of risk associated with each business Manages resources to focus on top control Issues Identifies areas requiring most attention Lack of knowledge of gaps in policies, procedures and processes Allow risk taking within capacity Identifies areas of opportunity and growth Business is not taking full advantage of existing platform, technology and expertise
  • 12. 12 • Each Inherent Risk or regulatory rule is evaluated for each business activity or transaction. • Each regulatory rule has one or more controls, perhaps registered in the control library. Each control is evaluated for its design and operating effectiveness. The resulting score is the Residual Risk. • Assessment, findings, action items logged into GRC tools ASSESSMENT PRINCIPLES
  • 13. 13 RISK ASSESSMENT ARCHITECTURE BUSINESS CHALLENGE:  Senior management and key personnel were not fully aware of the firm’s top risks  Key personnel were not fully trained in the risk assessment process  Key personnel were not fully aware of the risks within their businesses  Key personnel were not fully aware of rules, regulations and best practices impacting their businesses  The data from the firm’s GRC was not managed properly resulting in an attempt to managed data through multiple excel spreadsheets SOLUTION AND SERVICES:  Perficient met with risk, compliance and businesses to understand products and services offered, overall process and management of GRC tool.  Perficient created an inventory questionnaire together with senior management to help business heads catalog products and services offered  Perficient created a regulatory matrix control and together with senior management identify the regulations and requirements for each business  Perficient created regulatory and processes questionnaires similar to information used by auditors or examiners  Perficient worked with GRC vendor to facilitate that the GRC tool to support the risk assessment process RESULTS:  Senior management and key personnel became aware of all products and services offered within the firm  Key personnel and management became aware of rules, regulations and the requirements impacting their businesses  Personnel identified controls within their businesses and identified related gaps  Personnel becomes more knowledgeable in the processes used by auditors and examiners  Client is working towards ensuring all data and reports on risk assessment are management through one source data derived from the GRC
  • 14. 14 SOURCES OF OPERATIONAL RISK DATA Bottom Up – Experiences in the department or field Periodic RCSA or Business Operating Reviews • Performed in different ways, as a questionnaire or discussion based, the business owner and support partners (1st LOD) inventory risks, score controls resulting in key control issues • Aggregating KRIs drive organizational priorities Key Risk Indicators • Data driven measures, metrics, exceptional breaches  drives response • Metrics that matter rather than binders of data Incidents and Lessons Learned (internal and external) • Policy mandated loss and near-miss capture allows for frequency X impact analysis • Scenario analysis and read-across to similar processes  +ROI • IT help desk – users log near-misses and manual workarounds Top Down • Strategic plans / budgets inform 1st LOD where to set capacity • Emerging risks – industry, regulatory, political, economic, social, technology
  • 15. 15 LEVERAGING OPRISK DATA Bottom Up • Transparency of Blind Spots; Action Priority - risk identification, quality of controls (design/effectiveness) and residual risk • Budget - Priority projects; allocation of shared service projects • Patterns/Trends – determine correlation drivers (volume, seasonality) • Incidents – Improves scenario & stress analysis • Loss Data – input for Basel models • GRC Data – aggregate findings from risk, compliance, audit, regulators sets roadmap Top Down • Risk Appetite / Risk Tolerance – Capacity to take on more risk • Regulatory Attestations
  • 16. 16 AGGREGATING RISK DATA • Governance refers to the enterprise consolidated, integrated view • Applies to business rules and limits that are not department, LOB or product specific, or in a silo • Promotes visibility, transparency and data reuse for each area of assurance (risk compliance & audit) across the enterprise • Tools enable Business Intelligence (BI) – integrate diverse and disparate data sources  Dashboards • Historical measures lead to risk aggregated lead to Predictive BI Leverage tools and Structured Data to drive +ROI and Risk Intelligence DRIVES RISK INTELLIGENCE
  • 17. 17 UNSTRUCTURED & STRUCTURED DATA Structured Data Enhance  Aggregate  Interpret Score with Risk Analytics Unstructured Data Collect  Interpret  Score
  • 18. 18 ORM OFFICE STRUCTURE Front Office Local Control Officer • Located with and has deep business & function SME • Assess and analyze business and regulatory risks/controls • 2nd LOD – earned seat at the table Middle Office Risk Infrastructure • Sets or executes risk policies & procedures and taxonomy • Interacts with assurance groups (Compliance & Audit) • Prepares/Leads Risk Committee • Reputation as an OpRisk SME Back Office Risk Operations • Expert users in GRC tools adding leverage to risk FO+MO for desk exams and MI reporting. Drives risk transparency and auditability • Potentially training center for Risk or broader organization • Potential near-shore location To build a high-performing risk organization, the target operating model will be best-in- class over time. Each segment and job function must be fit for purpose. • Assess current operating processes and leading practices to improve mandates, policies, procedures, people, process, technology, SLA and metrics • Rather than a homogeneous risk function – each function’s roles and reputation will become focused, specialized and drive expertise
  • 19. 19 ENTERPRISE RISK MANAGEMENT ADOPTION • Engagement from the 1st Line of Defense is a key to success for adoption • Steps to improve engagement vary based on culture. Other success factors are: - Consistent processes and standards - Interaction and monitoring from the ERM Office - Mandate or tone-from-the-top • Key steps in aiding the BU owner’s adoption of an effective risk assessment program: - Developing policies and procedures - Communicating broader delivery expectations and framework - Training executives and staff Identify Key Risks & Gaps Set Policy & Procedure Communicate to LOB Communicate Timeline & Framework Educate LOB “How To” Perform Risk Assessment Drive Interaction through ERM Framework Monitor & Evaluate Results Adjust Process Repeat ERM for New Cycle TuneExecution
  • 20. 20 STRATEGY & CULTURE • Risk tolerance/thresholds - Qualitative/quantitative • Risk appetite for each category - Linked to strategy • Risk culture • Impact of not linking: market cap more often declines due to flawed strategic decision rather than OpRisk • Assurance groups don’t focus on or link strategy
  • 21. 21 GOVERNANCE • Policies • Committees – Risk Charter • Roles and responsibilities • BU risk liaison - Independent and in CRO org • Talent and training • ORM  ERM (correlation of risk categories) • Review and ensure risk tolerance and appetite aligns with enterprise strategies and visions
  • 22. 22 StrategySettingProcess Board / Senior Management Risk Committee Risk Appetite Risk Capacity aEmerging Risks Risk RegisterRegulatory MRA ORM Office – 2nd Line of Defense Risk ID Internal Incidents RCSAs Key Risk Indicators Risk Register ROLE-BASED CONSIDERATIONS aExternal Incidents Top Risk Themes/ Scenarios BU – 1st Line of Defense TopRiskIDRiskAppetiteRiskCapacityNBILimitSettingCapacity Risk RegisterOperating Plan / Budget Strategic Plan 18-24MonthsTimetoExecute3Months
  • 23. 23 RISK CONTROLS ANALYSIS BUSINESS CHALLENGE:  US Super Regional subsidiary of a global bank established a priority to update all operational process, procedure, and internal operational and regulatory control documentation for the consumer banking lines of business.  Regulators required the bank to achieve a strong level of risk management practices for all lines of business. SOLUTION AND SERVICES:  Perficient reviewed existing operational procedures and risk control libraries.  Conducted interviews and work sessions with key business stakeholders across 16 consumer banking business units to analyze, achieve consensus and document all core business processes across the lines of business.  Developed process maps for more than 100 core business process and their associated sub-processes.  Working with risk managers, reviewed contents of risk control libraries, mapped relevant risk controls to core processes, identified control and developed recommendations for updated controls.  Interfaced with enterprise risk assessment to develop end-to-end product risk assessments utilizing process maps and risk controls analysis deliverables. RESULTS:  Implemented a multi-track effort with key business and risk management stakeholders to analyze and document core business processes across the entire Consumer Banking group distribution and lending business units.  Delivered a robust and maintainable business process analysis and mapping document incorporating operational and compliance controls mapped to process activities.  Reviewed existing risk controls library and identified regulatory and operational control gaps for more than 100 core processes and several hundred sub- processes across consumer banking.
  • 24. 24 RISK CLASSIFICATION • Legal and Compliance • Fraud (Internal / External) • Execution, Delivery and Process • Products and Business Practice • Third Party, Vendor, Counterparty • Strategic / Policy • Financial • Service Delivery or Operational • Employment Practice, Workplace Safety • IT, Business Disruption • Privacy / Security • Environmental Factors / External FOR FINANCIAL FIRMS & INSURERS
  • 25. 25 PROTOCOLS & TAXONOMY • Develop comprehensive dictionary of risks • Use same language for similar processes • Use consistent approaches for risks identification, responses and escalations • Apply critical thinking • Ask for data once > Reuse • Use technology (GRC tool) to capture and aggregate risks
  • 26. 26 CONTROLS • Process mapping/Control libraries • Risk identification and recognition • Key risk indicators (KRIs) • Risk assessment • Risk monitoring • Loss data capturing and reporting
  • 28. 28 OPTIMIZING ORM PROCESSES Identification, categorization and prioritization results: • Prioritizes/escalates high-frequency/high-impact operational risk events to management or the Board while alerting BU of mid/low risk events • Take preventative measure to timely correct deficiencies • Recognize trends and emerging risks and take action • Aggregate operational risk losses for reporting • Loss data serves as input for capital planning and the CCAR (Comprehensive Capital Analysis Review) process
  • 29. 29 WHAT ARE REGULATORS LOOKING FOR? Board of Directors directives are effective and are being followed: • Senior management must ensure that adequate policies, processes, procedures including technology are in place to support the enterprise risk appetite of the firm • Senior management needs to ensure businesses are managed by staff with experience and knowledge about their area of responsibility • Senior management must remain flexible to respond to competition and innovation in the industry (affecting their businesses) • Senior management must ensure new business, new markets are fully reviewed and risks and potential risks are identified and controls are put in place prior to commencing business • Senior management must aggregate all major risk and report these risks periodically to the Board of Directors
  • 30. 30 • Bubble-up risks / “metrics that matter” to provide the Board/RiskCo with a jump-off point • Link strategy to risk and risk to strategy  Pressure test strategic plan • Board and delegated RiskCo must drive Risk and Strategy discussion • Structured risk data provides insight to reverse slow decision making and risk aversion • Drive Integrated Assurance not stand-alone risk, compliance, and audit • GRC tool and taxonomy can unify risk appetite across the business • Process mapping codifies decision making framework rather than rely only on individual judgment for BAU activity • Operational risk can manage risk, not prevent risk